An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:RedRobocode
APPRobocode1.9.3.6
Related vulnerabilities
Path Traversal w Robocode CacheCleaner — usuwanie dowolnych plików
Integer overflow w klasie Buffer Robocode umożliwiający RCE
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated ...
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via...
The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by u...